I don’t think there’s anything wrong with running Openclaw. What is way too brave for my taste is giving it access to accounts with your personal data, or the filesystem in your computer. That’s a disaster waiting to happen.
I run it in an isolated server, and it doesn’t have access to my data - if it goes tits up, it deletes unimportant stuff only. If anyone gets access to the credentials in it, it’s a bunch of budget-limited API keys, so they can spend all of $4 on openrouter. Maybe the riskiest bit is its Google account. I went with the approach of giving it its own Google account, so that it can create docs and calendar events and then add me, rather than getting access to my Google account. But then again… That account has no payment info, nothing that I would be mega worried if it got leaked…
Sure, it might limit the usefulness a bit, but I think installing something like this is only acceptable if you sandbox it and don’t let it access valuable information. Going full mad scientist on something as “alpha” as this, letting it run wild with your info is nuts.
I work with some data sciencetists and ml engineers on web projects. They might be good at etls, fine tuning etx, but dont let them touch anything with a public.layer or infra constraints.
How could any person with some programing literacy event thinking about installing openclaw. A malware ridden by critical bugs
I don’t think there’s anything wrong with running Openclaw. What is way too brave for my taste is giving it access to accounts with your personal data, or the filesystem in your computer. That’s a disaster waiting to happen.
I run it in an isolated server, and it doesn’t have access to my data - if it goes tits up, it deletes unimportant stuff only. If anyone gets access to the credentials in it, it’s a bunch of budget-limited API keys, so they can spend all of $4 on openrouter. Maybe the riskiest bit is its Google account. I went with the approach of giving it its own Google account, so that it can create docs and calendar events and then add me, rather than getting access to my Google account. But then again… That account has no payment info, nothing that I would be mega worried if it got leaked…
Sure, it might limit the usefulness a bit, but I think installing something like this is only acceptable if you sandbox it and don’t let it access valuable information. Going full mad scientist on something as “alpha” as this, letting it run wild with your info is nuts.
So you sandbox an AI that knows it’s sandboxed, has shown interest in breaking free, and has all the knowledge in the world. What could go wrong.
She’s the head AI Safety Expert for Meta. The field might as well be labeled AI Misunderstander.
I work with some data sciencetists and ml engineers on web projects. They might be good at etls, fine tuning etx, but dont let them touch anything with a public.layer or infra constraints.